twilio-csharp
chore(deps): bump Microsoft.IdentityModel.JsonWebTokens from 6.15.0 to 6.34.0 in /src/Twilio
Bumps Microsoft.IdentityModel.JsonWebTokens from 6.15.0 to 6.34.0.
Release notes
Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.
6.34.0
Security fixes
See https://aka.ms/IdentityModel/Jan2024/zip and https://aka.ms/IdentityModel/Jan2024/jku for details.
6.33.0
Bug Fixes:
- Clean up log messages. See #2339 for details.
- Decouple JsonElements from JsonDocument, which causes issues in multi-threaded environments. See #2340 for details.
6.32.3
- Fix logging messages. See AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2288 for details.
6.32.2
Bug fixes:
- Underlying JsonDocument is never disposed, causing high latency in large scale services. See #2258 for details.
6.32.1
- Fix thread safety for JsonClaimSet Claims and JsonWebToken Audiences. See AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2185 for details.
6.32.0
New features:
- Adding an AAD specific signing key issuer validator. See issue #2134 for details.
- Better support for WsFederation (#2100)
Bug fixes
- Address perf regression introduced in 6.31.0 (#2131)
6.31.0
This release contains work from the following PRs and commits:
- Introduce ConfigurationValidationException (#2076)
- Disarm security artifacts (#2064)
- Throw SecurityTokenMalformedTokenException on malformed tokens (#2080)
- Add ClaimsMapping to JsonWebTokenHandler https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/8e7f07e859629a850e375518fcce2b6057380721
6.30.1
This release contains work from the following PRs:
- Modified token validation to be async throughout the call graph #2075
- Enforce key sizes when creating HMAC #2072
- Fix AotCompatibilityTests #2066
- Use up-to-date "now", in case take long time to get Metadata #2063
This release addresses #1743 and, as such, going forward if the SymmetricKey is smaller than the required size for HMAC IdentityModel will throw an ArgumentOutOfRangeException which is the same exception when the SymmetricKey is smaller than the minimum key size for encryption.
6.30.0
Beginning in release 6.28.0 the library stopped throwing SecurityTokenUnableToValidateException. This version (6.30.0) marks the exception type as obsolete to make this change more discoverable. Not including it in the release notes explicitly for 6.28.0 was a mistake. This exception type will be removed completely in the next few months as the team moves towards a major version bump. More information on how to replace the usage going forward can be found here: https://aka.ms/SecurityTokenUnableToValidateException
Indicate that a SecurityTokenDescriptor can create JWS or JWE
... (truncated)
Changelog
Sourced from Microsoft.IdentityModel.JsonWebTokens's changelog.
See the releases for details on bug fixes and added features.
7.3.1
Bug Fixes:
- Replace propertyName with MetadataName constant. See issue #2471 for details.
- Fix 6x to 7x regression where mixed cases OIDC json was not correctly processed. See #2404 and #2402 for details.
Performance Improvements:
- Update the benchmark configuration. See issue #2468.
Documentation:
- Update comment for azp in JsonWebToken. See #2475 for details.
- Link to breaking change announcement. See #2478.
- Fix typo in log message. See #2479.
7.3.0
New Features:
- Addition of the ClientCertificates property to the HttpRequestData class enables exposure of certificate collection involved in authenticating the client against the server and unlock support of new scenarios within the SDK. See PR #2462 for details.
Bug Fixes:
- Fixed bug where x5c property is empty in JwtHeader after reading a JWT containing x5c in its header, issue #2447, see PR #2460 for details.
- Fixed bug where JwtPayload.Claim.Value was not culture invariant #2409. Fixed by PRs #2453 and #2461.
- Fixed bug where Guid values in JwtPayload caused an exception, issue #2439. Fixed by PR #2440.
Performance Improvements:
- Remove linq from BaseConfigurationComparer, improvement #2464, for additional details see PR #2465.
Engineering Excellence:
- New benchmark tests for AsymmetricAdapter signatures. For details see PR #2449.
7.2.0
Performance Improvements:
- Reduce allocations and transformations when creating a token #2395.
- Update Esrp Code Signing version to speed up release build #2429.
Engineering Excellence:
- Improve benchmark consistency #2428.
- Adding P50, P90 and P100 percentiles to benchmarks #2411.
- Decouple benchmark tests from test projects #2413.
- Include pack step in PR builds #2442.
Fundamentals:
- Improve logging in Wilson for failed token validation when key not found #2436.
- Remove conditional Net8.0 compilation #2424.
7.1.2
... (truncated)
Commits
- edcac44 release with small r
- 6fac685 skip suffix for release builds
- 2f945a4 update version to 6.34.0
- 74cc160 Merged PR 10242: Update Dev6x to fix the release build
- 4845cf1 Merged PR 10239: Commenting out a constant which is not used
- e06dc84 Merged PR 10213: Set MaximumDeflateSize
- 0b2f269 Merged PR 10182: Don't resolve jku claim by default
- c3e99cd update build config version (#2350)
- 8ea36a8 Update CHANGELOG.md (#2348)
- 9d9925e [Log Scrubbing] Clean up log messages in Wilson (#2339) (#2344)
- Additional commits viewable in compare view
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.